Hello,

On Mon, Nov 09, 2009 at 02:58:12PM +0100, Carl Fredrik Hammar wrote:
> On Thu, Nov 05, 2009 at 12:29:54PM +0100, olafbuddenha...@gmx.net wrote:
> >
> > > Well, obviously, O_READ permission on a directory is sufficient to
> > > create files in it.
> >
> > Ah, interesting...
> >
> > > I'm not sure whether this is a feature or a misbehaviour
> >
> > I don't think it's a bug -- doesn't seem very likely that nobody would
> > have noticed such a fundamental bug all this time...
>
> I was about to say it's definitely a bug, but a quick look in open(2)
> states that open() should fail with EISDIR if open mode is write...
> This suggests that adding entries depends on the permission bits
> of the directory and the users and groups of the client.

Thank you for the investigation! :-)  It didn't occur to me to look into
manpages first :-(

> How to properly verify whether a client has this access in
> a proxy such as unionfs is an interesting question.
> If run by root it could recreate whatever auth object
> the client is using, but it's harder for a normal user.

Generally, unionfs checks permissions whenever it is asked to carry out
some operation.  Similarly, when it is asked to create a new entry under
a directory, it first checks the user's permissions.

Although I fail to realize how unionfs would help root to recreate any
auth object used by a client, I'd believe that root could recreate any
auth object without the aid of unionfs, too :-)

Regards,
scolobb
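
The open(2) behaviour cited in the quoted message can be checked with the C program below. It is an added example, not part of the original message and not unionfs code. It assumes a POSIX system with a writable /tmp; the function names and the scratch path are hypothetical. It shows that a write-mode open of a directory fails with EISDIR, and that creating an entry through a read-only directory handle succeeds or fails according to the directory's permission bits.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* errno from opening a directory for writing; open(2) documents EISDIR. */
int wronly_open_errno(void)
{
    char dir[] = "/tmp/dirperm-XXXXXX";   /* constructed scratch directory */
    if (!mkdtemp(dir)) return -1;
    int fd = open(dir, O_WRONLY);
    int err = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    rmdir(dir);
    return err;
}

/* Create an entry via a read-only handle on a directory whose permission
 * bits are dir_mode. Returns 0 on success, otherwise errno (-1: setup failed). */
int create_errno(mode_t dir_mode)
{
    char dir[] = "/tmp/dirperm-XXXXXX";   /* constructed scratch directory */
    if (!mkdtemp(dir)) return -1;
    if (chmod(dir, dir_mode) != 0) { rmdir(dir); return -1; }
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    int err = dfd < 0 ? errno : 0;
    if (dfd >= 0) {
        int fd = openat(dfd, "entry", O_WRONLY | O_CREAT | O_EXCL, 0600);
        err = fd < 0 ? errno : 0;        /* the check is on the directory's bits */
        if (fd >= 0) close(fd);
        chmod(dir, 0700);                /* restore so cleanup can unlink */
        unlinkat(dfd, "entry", 0);
        close(dfd);
    }
    rmdir(dir);
    return err;
}

int main(void)
{
    printf("O_WRONLY on dir: %d, create in 0700: %d, create in 0500: %d\n",
           wronly_open_errno(), create_errno(0700), create_errno(0500));
    return 0;
}
```

Run it as an unprivileged user: a process with root privileges bypasses the directory permission bits, so the 0500 case succeeds for it.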